How to authenticate users in your apps using FI-WARE Account - Introduction


In this course you will learn to:
Use FI-WARE Account to create users, organizations and register your Applications.
Authenticate users in your apps with their credentials on FI-WARE using OAuth 2.0.
They’ll securely access resources thanks to authorization in FI-WARE Account.

Published in: Technology

  1. How to authenticate users in your apps using FI-WARE Account
     In this course you will learn to:
     • Use FI-WARE Account to create users, organizations and register your Applications.
     • Authenticate users in your apps with their credentials on FI-WARE using OAuth 2.0. They’ll securely access resources thanks to authorization in FI-WARE Account.
  2. Content
     1. Introduction. Introduction to FI-WARE Account and OAuth 2.0. We’ll see key concepts and topics.
     2. First steps in FI-WARE Account. Register on FI-WARE Account, create organizations and manage roles of users in your organizations.
     3. Secure your web applications using OAuth 2.0. Secure your own web applications to authenticate your users with their username and password in FI-WARE Account.
     4. Authenticate your users from native applications using OAuth 2.0. Adapt your native applications to authenticate your users with their username and password in FI-WARE Account.
     5. Developing secured APIs using OAuth 2.0. Deploy a FI-WARE PEP Security Proxy in front of your backend to secure requests to your APIs.
     6. Authorizing access to protected resources. Create roles in your applications to allow or deny access of users to protected resources.
  3. Identity Management
  4. Identity Management in FI-WARE
  5. Identity Management in FI-WARE
     • Management of users, their authentication and authorization, and privileges within organizations.
     • Resources used:
       - Users
       - Organizations
       - Roles
       - Applications
     • Users register themselves, create organizations, and assign roles into these organizations.
     • It enables applications to access user’s protected information.
       - Trusted environment
       - OAuth 2.0 standard: http://oauth.net/2/
       - PHP, Cocoa, iOS, Java, Ruby, Javascript, Python.
  6. OAuth 2.0
  7. OAuth 2.0
  8. OAuth 2.0
     • Mechanism to provide applications access to restricted resources without sharing credentials.
     • Applications use access tokens, issued by OAuth providers (e.g. FI-WARE), to access resources.
     • OAuth 2.0 specification is designed for use with HTTP.
     • Roles:
       - Resource Owner: Entity capable of granting access to a protected resource (e.g. end-user).
       - Resource Server: Server hosting protected resources.
       - Client: Application making protected resource requests on behalf of the resource owner.
       - Authorization Server: The server issuing access tokens to the client.
  9. OAuth 2.0 Architecture
  10. OAuth 2.0 Architecture: Authorization Code Grant
     [Diagram: OAuth consumer (myservice.com) and OAuth provider (account.lab.fi-ware.org)]
     6. Response code + myservice.com credentials
     7. Ok, this is the Access Token
     8. Access user’s resources with Access Token
  11. OAuth 2.0 Architecture: Implicit Grant
     [Diagram: OAuth consumer (myservice.com) and OAuth provider (account.lab.fi-ware.org)]
     6. Access user’s resources with Access Token
  12. OAuth 2.0 Arch.: Resource Owner Password Credentials Grant
     [Diagram: OAuth consumer (myservice.com) and OAuth provider (account.lab.fi-ware.org)]
     2. Give access with myservice.com credentials and user’s password credentials
     3. OK, this is the access token
     4. Access user’s resources with Access Token
  13. OAuth 2.0 Architecture: Client Credentials Grant
     [Diagram: OAuth consumer (myservice.com) and OAuth provider (account.lab.fi-ware.org)]
     1. Client authentication with myservice.com credentials
     2. OK, this is the access token
     3. Access myservice.com resources with Access Token
  14. Using the Access Token
  15. Using the Access Token: FI-WARE Resource Providers
     [Diagram: OAuth consumer (myservice.com), OAuth provider (account.lab.fi-ware.org), Generic Enablers (*.fi-ware.org)]
     • Access protected user info with Access Token:
         GET /user?access_token=access_token
     • Access protected resources with Access Token:
         GET https://ge_url HTTP/1.1
         Host: GE_hostname
         Authorization: Bearer access_token
  16. Using the Access Token: Third-Party Resource Providers
     [Diagram: OAuth consumer (myservice.com), PEP Proxy, Unsecured Resource Provider]
     • Access protected user info with Access Token:
         GET https://protected_url HTTP/1.1
         Host: GE_hostname
         Authorization: Bearer access_token
  17. Using the Access Token: Cloud Hosting I
     [Diagram: OAuth consumer (myservice.com), OAuth provider (account.lab.fi-ware.org), Keystone Proxy (cloud.lab.fi-ware.org)]
     • Retrieve list of organizations:
         GET /user?access_token=access_token
     • Retrieve Scoped Token in organization ORG_ID:
         POST http://cloud.lab.fi-ware.eu:4730/v2.0/tokens
         {
           "auth": {
             "tenantID": "ORG_ID",
             "token": {
               "id": "access_token"
             }
           }
         }
  18. Using the Access Token: Cloud Hosting II
     [Diagram: OAuth consumer (myservice.com) accessing each Generic Enabler using the Scoped Token]
     • DCRM GE: cloud.lab.fi-ware.org
     • PaaS GE: pegasus.lab.fi-ware.org
     • SDC GE: saggita.lab.fi-ware.org
     • Object Storage GE: 130.206.82.9
  19. More Info
     • FI-WARE Account’s OAuth 2.0 API:
       - Documentation: https://github.com/ging/fi-ware-idm/wiki/
       - OAuth 2.0 API: https://github.com/ging/fi-ware-idm/wiki/Using-the-FI-LAB-instance
     • OAuth 2.0 Specification:
       - http://tools.ietf.org/html/rfc6749
     • FI-WARE PEP Proxy:
       - https://github.com/ging/fi-ware-pep-proxy
  20. Demo
     [Diagram: Geek Blog (blog.com)]
  21. Demo
     [Diagram: OAuth provider (account.lab.fi-ware.org), Geek Blog (blog.com), PEP Proxy]
  22. Demo
     [Diagram: OAuth provider (account.lab.fi-ware.org), Geek Blog (blog.com), PEP Proxy]
  23. Demo
     [Diagram: OAuth provider (account.lab.fi-ware.org), Geek Blog (blog.com), PEP Proxy]
  24. Demo
     [Diagram: OAuth provider (account.lab.fi-ware.org), Geek Blog (blog.com), PEP Proxy]
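
Slides 15 to 17 show a token arriving in an `Authorization: Bearer` header, a PEP Proxy guarding an unsecured resource provider, and the JSON body that exchanges an access token for a scoped token. The sketch below is an added example, not code from the slides or from the FI-WARE PEP Proxy project, showing the check such a proxy has to make and the construction of that request body. The function names, the `lookup_user` callable (standing in for the provider's `GET /user?access_token=...` call), the `X-Auth-User` header and the sample token store are assumptions.

```python
import json
import re

# RFC 6750 section 2.1: "Bearer", one or more spaces, then a b64token.
BEARER_RE = re.compile(r"^Bearer +([A-Za-z0-9\-._~+/]+=*)$", re.IGNORECASE)

def extract_bearer(headers):
    """Return the token from an Authorization header, or None if absent or malformed."""
    for name, value in headers.items():
        if name.lower() == "authorization":
            m = BEARER_RE.match(value.strip())
            return m.group(1) if m else None
    return None

def pep_check(headers, lookup_user):
    """PEP-style gate: returns (status, extra_headers, user) for one request.

    lookup_user is a hypothetical callable standing in for the provider's
    GET /user?access_token=... call; it returns user info or None.
    """
    token = extract_bearer(headers)
    if token is None:
        # No usable credentials: challenge without an error code.
        return 401, {"WWW-Authenticate": "Bearer"}, None
    user = lookup_user(token)
    if user is None:
        # Token unknown, expired or revoked at the provider.
        return 401, {"WWW-Authenticate": 'Bearer error="invalid_token"'}, None
    # Pass the verified identity to the backend (header name is an assumption).
    return 200, {"X-Auth-User": user["id"]}, user

def scoped_token_request(access_token, org_id):
    """JSON body for POST /v2.0/tokens on the Keystone Proxy, as on slide 17."""
    return json.dumps({"auth": {"tenantID": org_id, "token": {"id": access_token}}})

# Constructed sample data: a fake token store in place of the real provider.
SAMPLE_TOKENS = {"tok123": {"id": "alice", "organizations": ["ORG_ID"]}}

if __name__ == "__main__":
    print(pep_check({"Authorization": "Bearer tok123"}, SAMPLE_TOKENS.get))
    print(pep_check({"Authorization": "Basic dXNlcjpwdw=="}, SAMPLE_TOKENS.get))
    print(scoped_token_request("tok123", "ORG_ID"))
```

The check accepts the token only from the `Authorization` header; RFC 6750 discourages the query-string form for resource requests because URLs are commonly written to logs.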
